diff options
author | Rich Salz <rsalz@akamai.com> | 2015-05-04 07:52:27 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-05-04 10:44:58 -0400 |
commit | b6d3cb543c2e91aa6820cde637db55ad1cee525f (patch) | |
tree | c010c7e7413308aeff460287428cd3ad377a786d /apps/ca.c | |
parent | b8cba00807e6dd766b7bcdd3656e250e05dbe56f (diff) |
RT1369: don't do "helpful" access check.
Don't do access check on destination directory; it breaks when euid/egid
is different from real uid/gid.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Signed-off-by: Rich Salz <rsalz@akamai.com>
Diffstat (limited to 'apps/ca.c')
-rw-r--r-- | apps/ca.c | 21 |
1 files changed, 5 insertions, 16 deletions
@@ -703,24 +703,13 @@ end_of_options: #ifndef OPENSSL_SYS_VMS /* * outdir is a directory spec, but access() for VMS demands a - * filename. In any case, stat(), below, will catch the problem if - * outdir is not a directory spec, and the fopen() or open() will - * catch an error if there is no write access. - * - * Presumably, this problem could also be solved by using the DEC C - * routines to convert the directory syntax to Unixly, and give that - * to access(). However, time's too short to do that just now. + * filename. We could use the DEC C routine to convert the + * directory syntax to Unixly, and give that to app_isdir, + * but for now the fopen will catch the error if it's not a + * directory */ - if (app_access(outdir, R_OK | W_OK | X_OK) != 0) - { - BIO_printf(bio_err, "I am unable to access the %s directory\n", - outdir); - perror(outdir); - goto end; - } - if (app_isdir(outdir) <= 0) { - BIO_printf(bio_err, "%s need to be a directory\n", outdir); + BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir); perror(outdir); goto end; } |